Malicious PDF — malware analysis report

Static analysis result for SHA-256 00a8228724006901…

Verdict: MALICIOUS

File type: PDF

Size: 33.5 KB
Created: 2019-05-18 14:49:45 +03:00
Authoring application: mPDF 6.0
MD5: 467e704cf1913c59a1e0604d02ed3b42
SHA-1: b3f8f278a55898886c5a25a8300f1bae9d2c7f50
SHA-256: 00a8228724006901563076702ce416514a28b20ec22808ebfe49008b08d90f85
Risk Score: 152

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was detected as malicious by ClamAV and an ML classifier, and exhibits characteristics of a link farm. It contains 32 embedded external links, primarily pointing to PDF files on the 'gorillawalker.com' domain. This suggests a distribution or SEO poisoning attack rather than direct payload delivery within this file.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8529

Heuristics (3)

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7006848-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7006848-0
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.